author | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-06 06:19:17 +0000 |
---|---|---|
committer | shyouhei <shyouhei@b2dd03c8-39d4-4d8f-98ff-823fe69b080e> | 2011-05-06 06:19:17 +0000 |
commit | e3a69233e6563e6c95ccdc1040afa00db7b795e9 (patch) | |
tree | 2b31f4d497f14154f0a57c9b4536ad5d9b89e80c /ext | |
parent | be237a9d8fad158f7cd0fd58b25eaf5884ab1664 (diff) |
* ext/syck/rubyext.c (mktime_do): avoid buffer overrun, by
silently ignoring lesser significant digits. Required buffer
length can be computable so you might at first think of
allocating enough memory space on the fly using alloca(). That
is a wrong idea because when using alloca there is always risk
of integer overflow. A function that accepts outer-process
resources like this should not blindly trust its inputs. In
this particular case we just want to generate milliseconds
resolution by strtod() so the string in question needs no more
length than what we originally have. Ignoring lesser
significant digits should suffice I believe.
git-svn-id: svn+ssh://ci.ruby-lang.org/ruby/trunk@31443 b2dd03c8-39d4-4d8f-98ff-823fe69b080e
Diffstat (limited to 'ext')
-rw-r--r-- | ext/syck/rubyext.c | 6 |
1 files changed, 0 insertions, 6 deletions
diff --git a/ext/syck/rubyext.c b/ext/syck/rubyext.c
index b7ab817002..970b64ed05 100644
--- a/ext/syck/rubyext.c
+++ b/ext/syck/rubyext.c
@@ -281,12 +281,6 @@ mktime_do(VALUE varg)
 while ( isdigit( *end ) ) end++;
 length = (int)(end - begin) <= padding ? (int)(end - begin) : padding;
 MEMCPY(padded, begin, char, length);
- length = (int)(end - begin);
- if (length > padding) {
- length = length - padding;
- MEMCPY(padded + offset, begin + padding, char, length);
- }
-
 usec = strtod(padded, NULL);
 }
 else |